port knocking
Lea Gris
lea.gris at noiraude.net
Fri Dec 28 10:18:52 UTC 2007
Noah wrote:
> okay I like knockd. the knockd.conf example file I have only shows a
> sequence to TCP ports.
>
> how do I only accept a sequence UDP packets on a particular port?
See man knockd Example #2
> Example #2:
> This example uses a single knock to control access to port 22
> (SSH). After receiving a successful knock, the daemon will run
> the start_command, wait for the time specified in cmd_timeout,
> then execute the stop_command. This is useful to automatically
> close the door behind a knocker. The knock sequence uses both
> UDP and TCP ports.
> [options]
> logfile = /var/log/knockd.log
> [opencloseSSH]
> sequence = 2222:udp,3333:tcp,4444:udp
> seq_timeout = 15
> tcpflags = syn,ack
> start_command = /usr/sbin/iptables -A INPUT -s %IP% -p tcp --syn -j ACCEPT
> cmd_timeout = 5
> stop_command = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --syn -j ACCEPT
Basically, a UDP-only sequence would be like:
sequence = 2222:udp,3333:udp,4444:udp
Regards,
--
Léa Gris - http://www.noiraude.net/
() Plain-text ribbon campaign against HTML e-mail,
/\ and against attachments in proprietary formats.
Against DRM, call: 09f911029d74e35bd84156c5635688c0
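The following is an added example and is not part of the original thread, nor knockd's own code. It does two things that the one-line answer above leaves implicit: on the client side it sends a `2222:udp,3333:udp,4444:udp` knock with plain sockets (no `knock` client needed), and on the server side it models how a UDP-only door is matched, so you can see why a TCP SYN to 3333 does not advance the sequence and why a knock that overruns `seq_timeout` is thrown away. The `KnockDoor` class is a simplified model of knockd's behaviour, not its implementation: it assumes that any packet from a source that is not the next expected port/protocol resets that source's progress, and that progress older than `seq_timeout` is discarded. The source addresses and timestamps in `main` are constructed for the demonstration.

```python
import socket
import time
from collections import namedtuple

# One step of a knockd "sequence =" value: a port and its protocol.
Step = namedtuple("Step", "port proto")


def parse_sequence(spec):
    """Parse a knockd-style sequence such as '2222:udp,3333:udp,4444:udp'.
    A port with no ':proto' suffix defaults to tcp, as in knockd.conf."""
    steps = []
    for item in spec.split(","):
        port, _, proto = item.strip().partition(":")
        proto = (proto or "tcp").lower()
        if proto not in ("tcp", "udp"):
            raise ValueError("unknown protocol in %r" % item)
        steps.append(Step(int(port), proto))
    return steps


def send_knock(host, steps, delay=0.2):
    """Client side: send the knock with plain sockets. A UDP step is one datagram
    (it must carry a payload, an empty `nc -u` sends nothing); a TCP step is a
    connect() attempt, whose SYN is all knockd needs even though the port is
    filtered. Returns the number of steps sent."""
    sent = 0
    for step in steps:
        if step.proto == "udp":
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            s.sendto(b"knock", (host, step.port))
            s.close()
        else:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.settimeout(1.0)
            try:
                s.connect((host, step.port))
            except OSError:
                pass  # refused or dropped is expected: only the SYN matters
            finally:
                s.close()
        sent += 1
        time.sleep(delay)  # give the daemon time to see each knock in order
    return sent


class KnockDoor:
    """Server side: simplified model of how a knockd door matches a sequence
    (assumption: modelled on knockd's documented behaviour, not its code).
    progress maps a source IP to (stage reached, time of its first knock)."""

    def __init__(self, steps, seq_timeout=15):
        self.steps = steps
        self.seq_timeout = seq_timeout
        self.progress = {}

    def packet(self, src, port, proto, now):
        """Feed one observed packet. Returns True when src completes the
        sequence, which is the point at which start_command would run."""
        stage, started = self.progress.get(src, (0, now))
        if stage and now - started > self.seq_timeout:
            stage, started = 0, now  # stale attempt: start over
        expected = self.steps[stage]
        if (port, proto) != (expected.port, expected.proto):
            # Wrong port or wrong protocol (e.g. tcp/3333 in a UDP-only door):
            # this source must begin the sequence again.
            self.progress.pop(src, None)
            return False
        stage += 1
        if stage == len(self.steps):
            self.progress.pop(src, None)
            return True
        self.progress[src] = (stage, started)
        return False


if __name__ == "__main__":
    udp_only = parse_sequence("2222:udp,3333:udp,4444:udp")
    door = KnockDoor(udp_only, seq_timeout=15)
    # Constructed sample: one good knocker, one that mixes in a TCP SYN.
    for src, port, proto, t in [("10.0.0.5", 2222, "udp", 0.0),
                                ("10.0.0.5", 3333, "udp", 1.0),
                                ("10.0.0.5", 4444, "udp", 2.0),
                                ("10.0.0.6", 2222, "udp", 0.0),
                                ("10.0.0.6", 3333, "tcp", 1.0),
                                ("10.0.0.6", 4444, "udp", 2.0)]:
        print(src, port, proto, "-> opened" if door.packet(src, port, proto, t) else "-> no")
```

To knock a real host, call `send_knock("knock.example", parse_sequence("2222:udp,3333:udp,4444:udp"))` (hostname is a placeholder). Two caveats a UDP-only door needs: the knock ports should be dropped by iptables rather than answered, which is fine because knockd watches the interface with libpcap and sees the datagrams anyway; and `tcpflags = syn,ack` has no effect on UDP steps, so leave it out of a UDP-only stanza rather than expecting it to filter anything.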